In this tutorial, we are going to discuss how to create an apache SSL certificate with Let’s Encrypt certificate on Centos/RHEL 6 & 7. To automate the Let’s encrypt process, we will use Let’s encrypt recommended ACME client i.e. CERTBOT, there are other ACME Clients as well but we will be using Certbot only.

Certbot can automate certificate issuance and installation with no downtime, it automatically enables HTTPS on your website. It also has expert modes for people who don’t want auto-configuration. It’s easy to use, works on many operating systems, and has great documentation.

2- Mod_ssl should also be installed on the systems. Install it using the following command,

# yum install mod_ssl

3- Epel Repositories should be installed & enables. EPEL repositories are required as not all the dependencies can be resolved with default repos, hence EPEL repos are also required. Install them using the following command,

Now let’s start with procedure to install Let’s Encrypt on CentOS /RHEL 7.

Let’s encrypt on CentOS RHEL 7

Installation on CentOS 7 can easily performed with yum, with the following command,

$ yum install certbot-apache

Once installed, we can now create the SSL certificate with following command,

$ certbot –apache

Now just follow the on screen instructions to generate the certificate. During the setup, you will also be asked to enforce the HTTPS or to use HTTP , select either of the one you like. But if you enforce HTTPS, than all the changes required to use HTTPS will made by certbot setup otherwise we will have to make changes on our own.

We can also generate certificate for multiple websites with single command,

$ certbot–apache -d example.com -d test.com

We can also opt to create certificate only, without automatically making any changes to any configuration files, with the following command,

$ certbot –apache certonly

Certbot issues SSL certificates hae 90 days validity, so we need to renew the certificates before that period is over. Ideal time to renew the certificate would be around 60 days. Run the following command, to renew the certifcate,

$ certbot renew

We can also automate the renewal process with a crontab job. Open the crontab & create a job,

$ crontab -e

0 0 1 * * /usr/bin/certbot renew >> /var/log/letsencrypt.log

This job will renew you certificate 1st of every month at 12 AM.

Let’s Encrypt on CentOS 6

For using Let’s encrypt on Centos 6, there are no cerbot packages for CentOS 6 but that does not mean we can’t make use of let’s encrypt on CentOS/RHEL 6, instead we can use the certbot script for creating/renewing the certificates. Install the script with the following command,

# wget https://dl.eff.org/certbot-auto

# chmod a+x certbot-auto

Now we can use it similarly as we used commands for CentOS 7 but instead of certbot, we will use script. To create new certificate,

# sh path/certbot-auto –apache -d example.com

To create only cert, use

# sh path/certbot-auto –apache certonly

To renew cert, use

# sh path/certbot-auto renew

For creating a cron job, use

# crontab -e

0 0 1 * * sh path/certbot-auto renew >> /var/log/letsencrypt.log

This was our tutorial on how to install and use let’s encrypt on CentOS , RHEL 6 & 7 for creating a free SSL certificate for Apache servers. Please do leave your questions or queries down below.

If you think we have helped you or just want to support us, please consider these :-